[TYPO3-core] Life-time extension of TYPO3 4.7 and security-fix-only branches
steffen.ritter at typo3.org
Tue Dec 10 12:02:43 CET 2013
in addition to the lifetime extension of TYPO3 4.7 we wanted to let
you know about some more insights on what we talked about at the Release
Team Meeting regarding the in Stuttgart. A detailed protocol will follow
the next days.
So in a nutshell we agreed on the following guidelines and solutions:
* Support for TYPO3 4.7 will be extended until end of October 2014.
* The lifetime extension can be considered as onetime exception.
* We keep all stable branches in “security & bug fix” mode
* With reaching the “security & bug fix” phase a branch basically goes
to merge-freeze and only a release team decision may merge patches there.
* As a result we advice developers to only contribute patches for these
branches after there is a release manager approval for that.
The details behind that:
A close look at the current release agenda revealed that none of the
TYPO3 CMS branches is in the bug fixing maintenance phase at the moment.
In fact every stable branch of the TYPO3 CMS is in its “Priority Bug &
Security fix” phase. At the same time the postponement of TYPO3 CMS 6.2
has raised many questions among the members of the community concerning
the resulting overlap from version 4.7 after the LTS releases. In
addition to these points we regularly try to explain and try to
establish the actual meaning of which fixes may find their ways into
branches officially in the mode of “Priority and Security Fixes” only.
The TYPO3 CMS team came to the conclusion that there are no drawbacks by
having no branch that is maintained regularly and that this only is a
result of a special case around TYPO3 CMS 6.2 LTS development. Taking
this unique situation, the CMS release team somehow is responsible for,
into account and valuing the feedback we received from the user base we
considered that we also should extend the maintenance phase of TYPO3 4.7
by another 6 month. As a result we will provide security updates – if
necessary – until October 2014 which gives all customers the opportunity
to start migrating their projects to TYPO3 CMS 6.2 LTS in a timeframe of
about half a year. The overhead created by this will be covered from the
TYPO3 CMS Team Budget of the TYPO3 Association. Since community members
finance the ongoing support extension for TYPO3 CMS 4.7, we highly
appreciate you taking part in the current lifetime expansion, if you or
your customers benefit from it.
Along with these topics we clarified what the security and priority
fixes phase is about. Quite often we find ourselves arguing with
customers and contributors, trying to explain what we mean by priority,
and sadly disappoint contributors if we decide not to accept a patch
made by them.
While we agreed, that the definition of “priority fix” would be
something like “all fixes which prevent a formerly working instance from
being used after something in the environment changed” and the usual
examples like “new browser version and RTE is broken” or “new PHP patch
level release which is incompatible” we considered that there is to much
room for interpretation. A short example showed, that three Release
Managers disagreed on the same patch being important. Reflecting this,
we consider it even harder for contributors and customers to distinguish
whether a patch might be considered as important.
Therefore we agreed on a new guideline for contributors regarding these
branches: In order to avoid these discussions we think that no patch at
all should be merged into these branches. If the release manager or the
release team decides that a fix for a certain issue should be integrated
in an old branch, we will announce that accordingly. Interested people
than might start developing or porting the fix to the branch.
More information about the TYPO3-team-core